Wednesday, August 21, 2019

SQL Injection and Buffer Overflow Attack Detection

SQL Injection and Buffer Overflow Attack Detection CHAPTER ONE INTRODUCTION This chapter discussed about research requirement for this research. It discussed briefly the research background in section 1.1, problem statement in 1.2, research objectives in 1.3, research questions in 1.4, scope of research in 1.5, research elements in 1.6 and research significant in 1.7 1.1 Research Background The internet which is a free, supportive and self-sustaining facility reachable to hundreds of millions of people worldwide, have become one of important communication’s medium today. The greatest widely used part of the Internet is the web or World Wide Web (WWW). The Web uses the Hypertext Transfer Protocol (HTTP) to convey data through the Internet as HTTP is a well-known language over the Internet. There is a Web Browser that acts as the main door to the Internet if user wants to view the web pages in different websites. Web pages is a document that may contain text, videos, sound, images or any multimedia components created in Hypertext Markup Language (HTML). In addition, to make the process of searching specific web pages easier, there is Uniform Resource Locator (URL) where it standardized naming convention for addressing documents available over the Internet or Intranet. As Internet become more and more significant, there are some individuals identified as hackers that have the ability to interrupt the peace of using Internet. For that reason, network security is required. Network security emphasis on securing networks from any violence or exploit especially from hackers and typically handles by network administrator on each organization that applies security policy. Thus, to ensure the three main goals of security which are integrity, availability and confidentiality is guarantee, network security become the main role to some kind of vulnerabilities in web application. Vulnerabilities can be referring as the flaws where attacker can take benefit by exploiting it to gain unauthorized access to their target. There are two of the most common web application vulnerabilities that exist in a web application are Structured Query Language (SQL) Injection and Buffer Overflow (BOF). SQL Injection is an attack in which the attacker inserts SQL commands into form or parameter values. It exploits the use of SQL query in the application. SQL Injection has become a predominant type of attacks that target web applications. The Open Web Application Security Project (OWASP) ranks it on top among the Top-10 security threats. Buffer Overflow is an exploit that can make the memory allocated to a certain application become massive. For example, an application expecting a five-digit postcode therefore the programmer only allocates enough memory for the perimeter. If an attacker enters more than five digits for example hundreds of digit, the application will end up using more memory than what it should. As of September 2010, 12 of the 20 most severe vulnerabilities ranked by US-CERT were Buffer Overflow related. There are a lot of web application vulnerabilities detection scanners existing in Internet. Either it free source or need to buy, there are more or less problems faced by these tools. The common problem meet by some of the scanner are false positive and false negatives. A false positive is when there is an error whereby a web application tested for is mistakenly found the vulnerabilities which actually there is none. Meanwhile, false negatives are the scanner does not found any vulnerability in a web application and telling user that the web is secure. However, actually the web application may have some vulnerability. Thus, by proposed a method for detecting the web vulnerabilities through searching for the suspicious and defined web vulnerabilities criteria, it will help the web application administrator to take a look and always standby in secure mode to avoid and secure mode for avoiding any attacks from the attacker. 1.2 Problem Statement Usually developers of a web application does not realize that their web application have vulnerabilities. They only realize it when there is an attack or manipulation of their code by someone. This is normal as in a web application, there are thousands of lines of code so, it is not easy to detect if there is some mistakes (Houghton, 2013). Nowadays lots of new hacker are born as the tools and tutorials are easier to get. According to Dougherty (2012), even though SQL Injection is very easy to protect against, there are still large numbers of the system on the internet are vulnerable to this type of attack because there will be a few subtle condition that can go undetected. Besides, in Buffer Overflow, although many methods have been proposed to address this problem, it mostly very high overhead involves considerable additional resources (Zheng, Zhou Liu, 2015). Therefore, a detection method for detecting the SQL Injection and Buffer Overflow while producing minimum false positive a nd false negative was proposed. 1.3 Research Objective There are two objectives that have been achieved in this dissertation: To construct a detection method that can detect SQL Injection and Buffer Overflow attack in web application based on acknowledged features and characteristics of the vulnerabilities. To evaluate the performance of proposed method in term of accuracy and efficiency by conducted two sets of experiments under laboratory testing environment. 1.4 Research Questions There are four research questions that have been addressed in this dissertation: Is it possible to employ a dynamic method for SQL Injection and Buffer Overflow detection in web application? What are the criteria used to detect SQL Injection and Buffer Overflow in the proposed detection method? What is the evaluation metrics used to measure the performance of the proposed detection method? How to measure the accuracy and efficiency of the proposed detection method? 1.5 Scope of Research This dissertation focused on the web application vulnerabilities which are more specific on SQL Injection and Buffer Overflow. This dissertation limited to: Detection of web application vulnerabilities which are limited on: SQL Injection Buffer Overflow A number of vulnerable website’s URL collected from: http://www.thetechnism.com/ http://pastebin.com/ For detection of web application vulnerabilities of SQL Injection and Buffer Overflow, the criteria used are: Get the URL of website Tokenize the URL Match the pattern with the matching criteria based on Boyer-Moore Algorithm Get the web application vulnerabilities The evaluation metrics that used in this dissertation are accuracy and efficiency 1.6Research SIGNIFICANCE There are two significances of this dissertation: This dissertation able to provide a method that can detect SQL Injection and Buffer Overflow attack based on Boyer-Moore String Matching Algorithm. This proposed detection method also able to generate the report regarding the level of vulnerability of the web application. The proposed method can assistance the web application developer or administrator to take any extra action to protected their application from being attacked by the unethical person outside the network to SQL Injection and Buffer Overflow attack.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.